Harris/Decima shall protect personal information by security safeguards appropriate to the sensitivity of the information.

 

1) Harris/Decima shall protect personal information against such risks as loss or theft, unauthorized access, disclosure, copying, use, modification or destruction, through appropriate security measures, regardless of the format in which it is held.

 

2) Harris/Decima shall protect personal information disclosed to third parties by contractual agreements stipulating the confidentiality of the information and the purposes for which it is to be used.

 

3) Harris/Decima's employees with access to personal information shall be contractually required to respect the confidentiality of that information.

 

4) The nature of the safeguards will vary depending on the sensitivity, amount, distribution and format of the information, and the method of storage. More sensitive information will be safeguarded by a higher level of protection.

 

5) The methods of protection will include:

 

    (a) physical measures, for example, locked filing cabinets and restricted access to offices;

 

    (b) organizational measures, for example, controlling entry to data centers and limiting access to information on a “need-to-know” basis;

 

    (c) technological measures, for example, the use of passwords and encryption; and

 

    (d) investigative measures, in cases where Harris/Decima has reasonable grounds to believe that personal information is being inappropriately collected, used or disclosed.

 

RES HR 0883.00-02,04